Open Framework, Information Management Strategy & Collaborative Governance | Data & Social Methodology - MIKE2.0 Methodology

Database Security Design Deliverable Template

From MIKE2.0 Methodology

This article is currently Under Construction. It is undergoing major changes as it is in the early stages of development. Users should help contribute to this article to get it to the point where it is ready for a Peer Review.
This deliverable template is used to describe a sample of the MIKE2.0 Methodology (typically at a task level). More templates are now being added to MIKE2.0 as this has been a frequently requested aspect of the methodology. Contributors are strongly encouraged to assist in this effort.
Deliverable templates are illustrative as opposed to fully representative. Please help add examples to this template that are representative of the proposed output.

The Database Security Design task defines the controls that will be implemented to restrict users from accessing information, based on how the information is classified and the security model. Example controls include:

  • Restricting the rights a user has to access information
  • Restricting the rights a user has to perform certain functions, e.g. only letting a system user drop tables
  • Tracking activities in the database to provide an audit trail if needed

Database security is the last line of defense to protect information assets. For an information management engagement it is typically the area where the implementation team will be most directly involved.

Examples

Example 1 - Sample Database security controls for a data warehouse

Database Security

The default security policy for the project is a closed one – users are granted access on a need-to-see basis, and the access rights are regularly reviewed.

Please refer to the Data Warehouse Security Strategy document for more information.

Access controls

Standard Client access controls will be applied to both the data warehouse servers and the client-access machines.

Servers will be housed in the Client data room, and will be directly accessible only to authorized IT staff.

Please refer to the existing Client documentation for more information regarding workstation access controls.

Authentication

The majority of end users will authenticate against the Web server – in this case, MicroStrategy. MicroStrategy can use LDAP to pass authentication requests to the NDS infrastructure, and this option is being investigated. If NDS integration is not implemented, user accounts will be maintained within MicroStrategy.

Users accessing other solution components will authenticate using application-level security mechanisms.

Novell NDS is used to authenticate user access to individual workstations. Please refer to the Client Security Architecture document for more information regarding user authentication.

Authorization

Oracle database authorization mechanisms will be used to manage user access to the data warehouse resources. Novell NDS may be integrated to provide LDAP authorization capabilities.

Restricted entities (table and column security)

Certain tables or columns may be inaccessible to most users. Access restriction profiles will be controlled using Oracle roles, and defined as a result of source system analysis.
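
The role-based table and column restrictions described above could be expressed as follows. This is an added illustration, not part of the original deliverable; the schema, table, column, role and user names (`dw`, `customer_dim`, `dw_analyst`, `report_user_01` and so on) are hypothetical. The review queries at the end support the closed default policy's regular review of access rights.

```sql
-- Added example: all object, role and user names are hypothetical.
-- Closed default: nothing is granted to PUBLIC or directly to end users.

CREATE ROLE dw_analyst;   -- general reporting users
CREATE ROLE dw_finance;   -- users cleared for the restricted columns

-- Table-level restriction: only these two roles can read the fact table.
GRANT SELECT ON dw.sales_fact TO dw_analyst;
GRANT SELECT ON dw.sales_fact TO dw_finance;

-- Column-level restriction: Oracle object grants do not support SELECT on
-- individual columns, so restricted columns are hidden behind a view.
CREATE OR REPLACE VIEW dw.customer_dim_public AS
  SELECT customer_key, customer_segment, region
  FROM   dw.customer_dim;   -- omits the restricted tax_id and credit_limit

GRANT SELECT ON dw.customer_dim_public TO dw_analyst;
GRANT SELECT ON dw.customer_dim        TO dw_finance;

-- Users receive roles only, never object privileges.
GRANT dw_analyst TO report_user_01;

-- Review 1: who currently holds each access profile.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  granted_role IN ('DW_ANALYST', 'DW_FINANCE')
ORDER  BY granted_role, grantee;

-- Review 2: what each profile can reach.
SELECT role, owner, table_name, privilege
FROM   role_tab_privs
WHERE  role IN ('DW_ANALYST', 'DW_FINANCE')
ORDER  BY role, table_name;

-- Review 3: object grants made directly to users, bypassing the roles.
-- Under the closed policy this should return no rows.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'DW'
AND    grantee NOT IN (SELECT role FROM dba_roles);
```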

Restricted content (row-level security)

For performance reasons, row-level security will not be used.

Instrumentation and logging

Standard database and application logging facilities will be used. Existing Client server management applications will be relied upon for log analysis.

Certification and non-repudiation

No certification or non-repudiation capabilities are deemed necessary for the data warehouse.
